A Preliminary Investigation of Worm Infections in a Bluetooth Environment. Paper review by Anish Dutta, Ragavendran Srinivasan and Sabareeswar Gowri Shankar.
Bluetooth, a short intro: One of the most popular wireless protocols of recent years. A communication protocol for low-power wireless devices. Operates in the unlicensed band: 2.4 GHz. Range: in theory 100 m, in practice meters. Discoverable option in Bluetooth (inquiry message). Supports two link-layer connections: 1. Synchronous Connection Oriented Link (SCO) 2. Asynchronous Communication Link (ACL)
Bluetooth, a short intro: security features? Uses cryptographic protocols to create a shared key. This key is used to encrypt all exchanged data. The same key is also used on subsequent reconnection, so no re-authentication is necessary! This process is known as pairing. Uses a unique per-connection PIN, a number that ranges from 4 to 7 digits.
Worms in a security context? Standalone malware programs. A worm replicates itself in order to spread to other systems. How is it different from a computer virus? Unlike a virus, it does not need to attach itself to an existing computer program. The main aim of a virus is to corrupt a file, whereas the main aim of a worm is to damage the network. Worms rely heavily on security loopholes!
Are Bluetooth worms any different? Yes, typically, when compared to Internet and MANET worms. An Internet worm likely infects a PC that has access to a fast, bandwidth-rich Internet connection. Once infected, the worm can infect any other host on the Internet. A Bluetooth worm infects a different class of devices: mobile, power-constrained devices with Bluetooth radios. Unlike Internet worms, Bluetooth worms thrive on the vulnerability of the device and on how the device moves, interacts and responds. Compared to a MANET worm, they look similar at first glance, but on careful observation the differences are evident. A MANET has nodes that participate in multihop communication! An infected node can cause other nodes on the hop route to be infected, unlike Bluetooth, where propagation from one node to another is slow.
Bluetooth attacks, vulnerabilities: protocol complexity; cryptographic vulnerabilities; social-engineering-based attacks; software vulnerabilities.
Feasibility of a Bluetooth worm: A few questions we should ask to know whether a large-scale Bluetooth worm attack is possible and, if so, how much damage such outbreaks can do: 1. Are discoverable Bluetooth-enabled devices prevalent today? 2. How heterogeneous is the population of devices? 3. Are typical inter-device contact durations long enough to allow a worm to replicate itself? 4. Can a worm replicate between two devices moving in opposite directions at human walking speeds?
Experiments answered our doubts! Discoverable Bluetooth devices are prevalent today. The population of devices is homogeneous. Contact durations are long enough for a worm to replicate. Worms can replicate between devices moving in opposite directions.
Understanding Bluetooth worm propagation: To understand it, a simulation setup was created, and the data gathered from it proved very useful in reaching important conclusions. The simulation captured several important factors for worm infection: the number of devices initially infected; the total size of the device population; the fraction of vulnerable devices; the time of day when the infection occurs. A preliminary model was created that approximated the behavior of a large device population. This was used as a reference for the Bluetooth worm simulation.
How quickly does a Bluetooth worm infect? The simulation model tried to find out how quickly a worm infects vulnerable nodes in a population of 10,000 devices. Experiments conducted: all devices are vulnerable; only 25% of the devices are vulnerable.
Whether the initial number of infection seeds affects worm propagation: It was found that more seeds make the worm propagate faster, although the infection speed-up was modest. Conclusion: the number of initial seeds does not strongly affect the worm spread.
Whether the initial time of outbreak affects worm propagation: Potentially all devices are vulnerable. It was found that a worm's infection rate is initially slow if the outbreak occurs during off-peak hours. Most of the devices are more vulnerable at night. It was also found that the worm spread became slower on weekends and holidays.
Summarizing the obtained results: 1. Bluetooth worms were found to spread more quickly only on a few specific days. If all the devices are vulnerable, nearly 90% of the devices are affected within 24 hours. 2. The rate of spreading of Bluetooth worms is directly proportional to the number of initial seeds present. 3. A Bluetooth worm spreads more quickly during the day than at night.
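The factors the simulation slides list (initial seeds, population size, vulnerable fraction, time of outbreak) can be explored with a toy model. This is an added example, not the paper's simulator or the presenters' code: it assumes random mixing and made-up hourly contact rates (`PEAK_HOURS`, `PEAK_RATE`, `OFFPEAK_RATE`), and all function names are hypothetical.

```python
# Added illustration: deterministic mean-field SI model, not the paper's simulator.
PEAK_HOURS = range(8, 20)            # assumed busy period, 08:00-19:59
PEAK_RATE, OFFPEAK_RATE = 0.8, 0.1   # assumed contacts per device per hour


def contact_rate(hour_of_day):
    """Assumed diurnal pattern: devices meet more peers during the day."""
    return PEAK_RATE if hour_of_day % 24 in PEAK_HOURS else OFFPEAK_RATE


def simulate(population, vulnerable_fraction, seeds, start_hour, hours):
    """Return the expected number of infected devices after each hour."""
    vulnerable = population * vulnerable_fraction
    infected = float(min(seeds, vulnerable))
    history = []
    for t in range(hours):
        rate = contact_rate(start_hour + t)
        # A contact spreads the worm only if the peer is vulnerable
        # and not yet infected.
        susceptible_share = (vulnerable - infected) / population
        infected += infected * rate * susceptible_share
        history.append(infected)
    return history


def hours_to_fraction(history, vulnerable, fraction=0.9):
    """First hour (1-based) at which `fraction` of vulnerable devices are infected."""
    for hour, infected in enumerate(history, start=1):
        if infected >= fraction * vulnerable:
            return hour
    return None


if __name__ == "__main__":
    N = 10_000  # population size used on the slides
    for frac in (1.0, 0.25):          # the two experiments on the slides
        for seeds in (1, 10):
            for start in (10, 2):     # daytime vs. off-peak outbreak
                h = simulate(N, frac, seeds, start, 24 * 14)
                t90 = hours_to_fraction(h, N * frac)
                print(f"vulnerable={frac:.0%} seeds={seeds:>2} "
                      f"start={start:02d}:00 -> 90% after {t90} h")
```

Because the model is deterministic, the effect of each factor can be compared run to run; the absolute times depend entirely on the assumed contact rates.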
Common Bluetooth attacks: Bluejacking: the attacker sends an e-contact which, when downloaded, gives the attacker permission to access the victim's contact book. It is a known form of Bluetooth spam. Car Whisperer: software that lets an attacker use the car stereo to eavesdrop on an ongoing call. Bluebugging: the most dangerous of all; it allows an attacker to access the victim's phone resources and use its features, including calling, forwarding incoming calls, sending texts, etc., without the victim even knowing.
What can be done to improve Bluetooth security features? Because the Bluetooth protocol is complex, it already faces a large set of known security attacks, which should be closely monitored and studied. Devices should be kept in non-discoverable mode when not in use. This is a very useful countermeasure. Bluetooth should be turned off when not in use. This is good practice, as it prevents any worm from attacking the device.
What can be done to improve Bluetooth security features? (cont.) Starting a Bluetooth worm attack is easy. Hence more effort should be put into making file exchange cryptographically stronger. The Bluetooth PIN that is used while exchanging information is relatively easy to break. It should be replaced with an algorithm with better confusion, diffusion and linear complexity, so as to confuse the attacker. In places such as workplaces, schools and airports, where the density of Bluetooth devices is high, a monitoring system can be installed that can warn of or prevent outbreaks of such attacks.
What can be done to improve Bluetooth security features? (cont.) Bluetooth attacks thrive on exploiting the permission request/grant process that forms the backbone of Bluetooth connectivity. Regardless of the security features on the device, the best way to prevent such attacks is to power off the Bluetooth radio whenever it is not in use.
References: 1. A Preliminary Investigation of Worm Infections in a Bluetooth Environment. Department of Computer Science, University of Toronto; Department of Electrical and Computer Engineering, University of Toronto. 2. http://blog.kaspersky.com/bluetooth-security/ 3. Wikipedia